Product News

C++20 Features and Fixes in VS 2019 16.1 through 16.6--Stephan T. Lavavej

Did you get up to date?

C++20 Features and Fixes in VS 2019 16.1 through 16.6

by Stephan T. Lavavej

From the article:

We’ve been busy implementing C++20 features in MSVC’s compiler and Standard Library, and migrating the latter to microsoft/STL on GitHub – in fact, we’ve been so busy that we haven’t posted a C++ toolset changelog since the VS 2019 16.0 toolset changelog. So, here are the compiler features and STL features/fixes that have shipped for production use in the last year.

As a reminder, the /std:c++17 and /std:c++latest compiler options are necessary to use C++17 and C++20 features...

PVS-Studio is now in Compiler Explorer!

Now you can quickly and easily analyze the code for errors right on the godbolt.org site (Compiler Explorer). This feature opens up a large number of new possibilities – from quenching curiosity about the analyzer's abilities to being able to quickly share check results with a friend. Caution – GIFs!

PVS-Studio is now in Compiler Explorer

by George Gribkov

From the article:

If you want to see the output of your program, you can open the execution window by clicking "Add new... -> Execution only" in the code editor (not in the compiler window). In the gif below, you can see the output of the lab work taken from our page about free usage of PVS-Studio by students and teachers.

SonarQube / SonarCloud Improved Analysis -- Alexandre Gigleux

With recent releases SonarQube and SonarCloud offer expanded compiler support and additional security-related rules.

Improved C/C++ analysis

By Alexandre Gigleux

From the article:

There are tons of C/C++ compilers out there and we always get many requests from many users about additional compiler support. We listened and added support for 10+ compilers to allow more developers to benefit from our C/C++ rules.

We want to help C/C++ developers deliver code to production without vulnerabilities and, more precisely, we want to prevent buffer overflows from being exploited by hackers. This is why we implemented 4 rules looking at APIs that could be badly used and that open the door to buffer overflow attacks

ModernCppStarter & PVS-Studio Static Code Analyzer

One of the ways to improve software quality is to check source code with static analysis tools. This section explains how to use the PVS-Studio analyzer to check projects built on ModernCppStarter. We provide a free license for open-source projects.

ModernCppStarter & PVS-Studio Static Code Analyzer

by PVS-Studio Team

From the article:

plog-converter will convert the report into the errorfile format (similar to GCC's messages), which can be conveniently viewed in a terminal window and the IDE. You can also have the report converted to an HTML file by using the -t fullhtml flag. Use the flags -a and -d to filter diagnostics. Run the plog-converter --help command to view the full list of available options.

Transforming C to C++

New video on using the latest version of DeepEnds.

Transforming C to C++

by Zeb Mason

About the video:

Performs a clustering analysis on a C call graph then manipulates it within Visual Studio to prototype a class.

Creating traditional Visual Studio sln from CMake

CMakeToVisualStudio parses CMake files to create a Visual Studio solution.

CMakeToVisualStudio

by Zeb Mason

About the release:

CMakeToVisualStudio parses CMakeLists.txt and CMakeCache.txt files and creates a traditional Visual Studio solution from templated XML:

  • Might not build properly
  • Might be sufficient to work with historical tooling for Visual Studio
  • LGPL v2.1 set of libraries for reading CMake and Visual Studio projects and writing Visual C++ solutions

DeepEnds Release 3.0.1 for free

CycleRouter Ltd is pleased to announce a new release of our dependency analysis tool.

DeepEnds Release 3.0.1

About the release:

DeepEnds 3.0.1 analyses code for coupling and cohesion and deletes redundant code. It is a Windows program that integrates with Visual Studio.

It is free to use until the end of August 2020.

A Note of Caution about Using PVS-Studio on godbolt.org (Compiler Explorer)

We have added an option allowing you to experiment with the PVS-Studio static analyzer on the godbolt.org (Compiler Explorer) website. It supports analysis of C and C++ code.

A Note of Caution about Using PVS-Studio on godbolt.org (Compiler Explorer)

by Andrey Karpov

From the article:

This may be promising from the perspective of satisfying one's curiosity, writing articles, and so on. But there's a downside to it too: rather than using synthetic examples to explore or try out the tool, people may start relying on them to evaluate and compare it against other analyzers. And this is a very bad approach because the results will be unreliable and dependent on how the test examples are written.

SonarQube / SonarCloud detect buffer overflows in most POSIX functions

SonarQube and SonarCloud perform static analysis of C, C++ and 25 other languages. 

Detect C++ buffer overflows in most POSIX functions

By G. Ann Campbell

From the article:

Buffer overflows have been responsible for some of the most notorious crashes, worms, and hacks for more than 30 years, including the Morris worm, the Code Red worm, and the ping of death. More recently, VPNs have been compromised via buffer overflow; an overflow-related code execution flaw was found in macOS Mojave (fixed in Catalina); and a WhatsApp buffer overflow exposed users' private messages, location, and even camera and mic feeds. In short, buffer overflows aren't just bugs that could crash your program; they also represent serious threats to security. That's why we're excited to announce the availability of a new C and C++ rule to detect overflows in most POSIX functions: S5782, "POSIX functions should not be called with arguments that trigger buffer overflows".

PVS-Studio 7.07: Features Overview

The purpose of this article is to give a general overview of the features of the PVS-Studio static analyzer.

PVS-Studio 7.07: Features Overview

by Ekaterina Nikiforova

From the article:

The next command I'd like to talk about is called "Display CWE Codes in Output Window". PVS-Studio is a static application security testing (SAST) tool, which means its warnings can be classified according to the Common Weakness Enumeration (CWE).